3rd: When a user uploads files, check the file extension + basename($ofuploadfile) (do any sanitization + validation on the file name). If it uploaded successfully, move it to the user's folder (you need to get it from database.table.USER_ID). Write that file name to the database + give it a unique file ID + check the MD5 of that file on the file system, then insert it into the database (along with the IP address of the uploader, etc.).

OK, it seems that's all for upload.
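
The upload steps above, sketched in PHP as an added example (not code from the original post). The PDO handle, the `files` table and its columns, the `ALLOWED_EXT` list, the function names, and the choice to store the file on disk under its unique ID are all assumptions made for illustration:

```php
<?php
// Added example. Assumptions (not from the original post): a PDO handle, a
// `files` table with these columns, the allow-list, and the storage root.
const ALLOWED_EXT = ['jpg', 'png', 'pdf', 'txt'];

function clean_upload_name(string $clientName): ?string
{
    // basename() drops any directory part the client sent ("../../x.php" -> "x.php").
    $name = basename(str_replace('\\', '/', $clientName));
    // Keep a conservative character set; everything else becomes "_".
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    $name = ltrim($name, '.');                      // no hidden/dot files
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || strlen($name) > 200 || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    return $name;
}

function store_upload(PDO $db, int $userId, array $file, string $root, string $ip): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $name = clean_upload_name($file['name']);
    if ($name === null) {
        throw new RuntimeException('file name or extension rejected');
    }
    // The folder comes from the USER_ID stored server-side, never from the request.
    $dir = rtrim($root, '/') . '/' . $userId;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create user folder');
    }
    // Unique file ID (assumed design): also used as the on-disk name, so the
    // client-supplied name is only ever stored in the database.
    $fileId = bin2hex(random_bytes(16));
    $path   = $dir . '/' . $fileId;
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new RuntimeException('cannot move upload');
    }
    $md5 = md5_file($path);   // hash of what actually landed on disk
    $db->prepare('INSERT INTO files (file_id, user_id, orig_name, md5, uploader_ip)
                  VALUES (?, ?, ?, ?, ?)')
       ->execute([$fileId, $userId, $name, $md5, $ip]);
    return $fileId;
}
```

A caller would pass `$_FILES['upload']`, the user ID from the session-backed database lookup, and `$_SERVER['REMOTE_ADDR']`; the field name `upload` is likewise an assumption.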

But how to download those files? Instead of using the file name when downloading those user files: 1st, check whether the downloading user is authenticated on your system (SESSION check). 2nd, make your download URLs like: